ws-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject svn commit: r1497432 - in /webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl: processor/output/BinarySecurityTokenOutputProcessor.java processor/output/EncryptOutputProcessor.java securityToken/SecurityTokenFactoryImpl.java
Date Thu, 27 Jun 2013 16:37:00 GMT
Author: coheigea
Date: Thu Jun 27 16:37:00 2013
New Revision: 1497432

URL: http://svn.apache.org/r1497432
Log:
Added functionality to get SymmetricBinding Kerberos use-cases working

Modified:
    webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/BinarySecurityTokenOutputProcessor.java
    webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/EncryptOutputProcessor.java
    webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/SecurityTokenFactoryImpl.java

Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/BinarySecurityTokenOutputProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/BinarySecurityTokenOutputProcessor.java?rev=1497432&r1=1497431&r2=1497432&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/BinarySecurityTokenOutputProcessor.java
(original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/BinarySecurityTokenOutputProcessor.java
Thu Jun 27 16:37:00 2013
@@ -36,6 +36,7 @@ import org.apache.xml.security.stax.secu
 import org.apache.xml.security.stax.securityEvent.TokenSecurityEvent;
 import org.apache.xml.security.stax.securityToken.OutboundSecurityToken;
 import org.apache.xml.security.stax.securityToken.SecurityToken;
+import org.apache.xml.security.stax.securityToken.SecurityTokenConstants.TokenType;
 import org.apache.xml.security.stax.securityToken.SecurityTokenProvider;
 
 import javax.crypto.spec.SecretKeySpec;
@@ -57,6 +58,7 @@ public class BinarySecurityTokenOutputPr
             final X509Certificate[] x509Certificates;
             String reference = null;
             Key key = null;
+            TokenType tokenType = WSSecurityTokenConstants.X509V3Token;
 
             XMLSecurityConstants.Action action = getAction();
             if (WSSConstants.SIGNATURE.equals(action)
@@ -76,6 +78,9 @@ public class BinarySecurityTokenOutputPr
                         if (securityToken != null) {
                             key = securityToken.getSecretKey(getSecurityProperties().getSignatureAlgorithm());
                             reference = securityToken.getSha1Identifier();
+                            if (securityToken.getTokenType() != null) {
+                                tokenType = securityToken.getTokenType();
+                            }
                         }
                     }
                 }
@@ -148,7 +153,7 @@ public class BinarySecurityTokenOutputPr
             }
 
             final GenericOutboundSecurityToken binarySecurityToken =
-                    new GenericOutboundSecurityToken(bstId, WSSecurityTokenConstants.X509V3Token,
key, x509Certificates);
+                    new GenericOutboundSecurityToken(bstId, tokenType, key, x509Certificates);
             binarySecurityToken.setSha1Identifier(reference);
             final SecurityTokenProvider<OutboundSecurityToken> binarySecurityTokenProvider
=
                     new SecurityTokenProvider<OutboundSecurityToken>() {
@@ -169,8 +174,9 @@ public class BinarySecurityTokenOutputPr
                 outputProcessorChain.getSecurityContext().put(WSSConstants.PROP_USE_THIS_TOKEN_ID_FOR_SIGNATURE,
bstId);
                 boolean includeSignatureToken = 
                     ((WSSSecurityProperties) getSecurityProperties()).isIncludeSignatureToken();
-                if (includeSignatureToken 
-                    || WSSecurityTokenConstants.KeyIdentifier_SecurityTokenDirectReference.equals(getSecurityProperties().getSignatureKeyIdentifier()))
{
+                if ((includeSignatureToken 
+                    || WSSecurityTokenConstants.KeyIdentifier_SecurityTokenDirectReference.equals(getSecurityProperties().getSignatureKeyIdentifier()))
+                    && !WSSecurityTokenConstants.KerberosToken.equals(tokenType))
{
                     FinalBinarySecurityTokenOutputProcessor finalBinarySecurityTokenOutputProcessor
= new FinalBinarySecurityTokenOutputProcessor(binarySecurityToken);
                     finalBinarySecurityTokenOutputProcessor.setXMLSecurityProperties(getSecurityProperties());
                     finalBinarySecurityTokenOutputProcessor.setAction(getAction());

Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/EncryptOutputProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/EncryptOutputProcessor.java?rev=1497432&r1=1497431&r2=1497432&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/EncryptOutputProcessor.java
(original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/EncryptOutputProcessor.java
Thu Jun 27 16:37:00 2013
@@ -46,6 +46,7 @@ import org.apache.xml.security.stax.impl
 import org.apache.xml.security.stax.impl.processor.output.AbstractEncryptOutputProcessor;
 import org.apache.xml.security.stax.impl.util.IDGenerator;
 import org.apache.xml.security.stax.securityToken.OutboundSecurityToken;
+import org.apache.xml.security.stax.securityToken.SecurityTokenConstants.TokenType;
 import org.apache.xml.security.stax.securityToken.SecurityTokenProvider;
 
 /**
@@ -95,7 +96,8 @@ public class EncryptOutputProcessor exte
                                     encryptionPartDef,
                                     xmlSecStartElement,
                                     outputProcessorChain.getDocumentContext().getEncoding(),
-                                    securityToken.getSha1Identifier()
+                                    securityToken.getSha1Identifier(),
+                                    securityToken.getTokenType()
                             );
                     internalEncryptionOutputProcessor.setXMLSecurityProperties(getSecurityProperties());
                     internalEncryptionOutputProcessor.setAction(getAction());
@@ -124,9 +126,10 @@ public class EncryptOutputProcessor exte
 
         private boolean doEncryptedHeader = false;
         private final String sha1Identifier;
+        private final TokenType tokenType;
 
         InternalEncryptionOutputProcessor(EncryptionPartDef encryptionPartDef, XMLSecStartElement
xmlSecStartElement, 
-                                          String encoding, String sha1Identifier)
+                                          String encoding, String sha1Identifier, TokenType
tokenType)
                 throws XMLSecurityException, XMLStreamException {
 
             super(encryptionPartDef, xmlSecStartElement, encoding);
@@ -134,6 +137,7 @@ public class EncryptOutputProcessor exte
             this.addBeforeProcessor(InternalEncryptionOutputProcessor.class.getName());
             this.addAfterProcessor(EncryptOutputProcessor.class.getName());
             this.sha1Identifier = sha1Identifier;
+            this.tokenType = tokenType;
         }
 
         protected OutputStream applyTransforms(OutputStream outputStream) throws XMLSecurityException
{
@@ -224,10 +228,20 @@ public class EncryptOutputProcessor exte
                     WSSUtils.createEncryptedKeySha1IdentifierStructure(this, outputProcessorChain,
getEncryptionPartDef().getSymmetricKey());
                 }
             } else {
-                createStartElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_SecurityTokenReference,
true, null);
+                if (WSSecurityTokenConstants.KerberosToken.equals(tokenType)) {
+                    List<XMLSecAttribute> attributes = new ArrayList<XMLSecAttribute>(2);
+                    attributes.add(createAttribute(WSSConstants.ATT_wsu_Id, IDGenerator.generateID(null)));
+                    attributes.add(createAttribute(WSSConstants.ATT_wsse11_TokenType, WSSConstants.NS_GSS_Kerberos5_AP_REQ));
+                    createStartElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_SecurityTokenReference,
false, attributes);
+                } else {
+                    createStartElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_SecurityTokenReference,
true, null);
+                }
                 
                 List<XMLSecAttribute> attributes = new ArrayList<XMLSecAttribute>(1);
                 attributes.add(createAttribute(WSSConstants.ATT_NULL_URI, "#" + getEncryptionPartDef().getKeyId()));
+                if (WSSecurityTokenConstants.KerberosToken.equals(tokenType)) {
+                    attributes.add(createAttribute(WSSConstants.ATT_NULL_ValueType, WSSConstants.NS_GSS_Kerberos5_AP_REQ));
+                }
                 createStartElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_Reference,
false, attributes);
                 createEndElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_Reference);
             }

Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/SecurityTokenFactoryImpl.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/SecurityTokenFactoryImpl.java?rev=1497432&r1=1497431&r2=1497432&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/SecurityTokenFactoryImpl.java
(original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/SecurityTokenFactoryImpl.java
Thu Jun 27 16:37:00 2013
@@ -258,7 +258,7 @@ public class SecurityTokenFactoryImpl ex
                         return createSecurityTokenProxy(securityTokenProvider.getSecurityToken(),
                                 WSSecurityTokenConstants.KeyIdentifier_SecurityTokenDirectReference);
                     }
-
+                    
                     try {
                         //ok we have to find the token via digesting...
                         MessageDigest messageDigest = MessageDigest.getInstance("SHA-1");
@@ -280,8 +280,10 @@ public class SecurityTokenFactoryImpl ex
                         throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE,
e);
                     }
 
-                    throw new WSSecurityException(
-                            WSSecurityException.ErrorCode.SECURITY_TOKEN_UNAVAILABLE, "noToken",
keyIdentifierType.getValue());
+                    // Finally, just delegate to a Callback as per EncryptedKeySHA1
+                    return new EncryptedKeySha1SecurityTokenImpl(
+                            (WSInboundSecurityContext) inboundSecurityContext, callbackHandler,

+                            keyIdentifierType.getValue(), securityTokenReferenceType.getId());
                 } else {
                     //we do enforce BSP compliance here but will fail anyway since we cannot
identify the referenced token
                     ((WSInboundSecurityContext) inboundSecurityContext).handleBSPRule(BSPRule.R3063);



Mime
View raw message